On Thu, Jul 03, 2003, Aleix Conchillo Flaque wrote: > > hi, > > i've added key usage extensions to some CSR and these have been added to > the certificate. for this, i've use the function X509V3_EXT_conf_nid > (like in the mkreq.c example). > > now, i'd like to obtain key usage values from an X509_EXTENSION > structure. how can i obtain each of these values? that is, obtain > digitalSignature, nonRepudiation... >
Look in doc/openssl.txt, there are various functions which can manipulate extensions in various places. For a certificate request you can retrieve a STACK_OF(X509_EXTENSION) using X509_REQ_get_extensions() then search and parse it using X509V3_get_d2i(). For keyUsage you get back an ASN1_BIT_STRING structure. From that you can test individual bits using ASN1_BIT_STRING_get_bit(). Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
